1. Field of the Invention
This invention pertains to technologies for secure handling and encryption of data in removable media, such as on computer tapes and tape drives.
2. Background of the Invention
More and more data is being written to tapes as encrypted data to protect this information in transit. The data is generally encrypted by a symmetric key, and possession of the key is required to decrypt the tape.
Symmetric encryption, also known as secret-key cryptography, refers to an encryption scheme in which both the encrypting party (or device) and the decrypting party (or device) share a single, common key value. Symmetric encryption tends to be simpler than public-key cryptography, using only one key or password value, and faster to execute. One widely deployed symmetric encryption scheme is the Data Encryption Standard (“DES”), whose 56-bit key is, by today's standards, short enough to be recovered by exhaustive search.
For example, if a set of database records is written to a tape in preparation for shipping the tape from one data center to another, the administrator may specify a password for a DES encryption routine, which would then encrypt the data as it is stored on the tape. The administrator would then securely share the password with the intended recipient administrator at the destination data center.
If during transit the tape were stolen, lost, or duplicated, a person or system attempting to decrypt the data would be unable to do so unless it possessed the secret key (e.g., the password) or could break the cipher, for example by brute-force search of the key space. Compromise of the password is the more common failure, but brute-force tools are also available for weaker encryption schemes such as single DES.
When the tape arrives at its destination data center, the second administrator would then mount the tape, supply the password to a DES decryption routine, and then as the data is read from the tape, it would be decrypted and stored locally, such as in a database.
As such, existing means of decrypting the tape rely on the encryption key being loaded into the reading tape drive by an external entity; anyone who can access the tape and load a key into the drive can then read the data. This provides a relatively insecure environment, and one which is difficult to automate.
Therefore, there is a need in the art for a computer media encryption and decryption method and system which are relatively easy to operate, but which provide data security.